CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpensuse Tumbleweed
OSOpensusewszystkie wersjeSaltstack Salt
APPSaltstack< 3002.2SUSE Linux Enterprise Server
OSSuse15
Related vulnerabilities
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the...
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process Clea...
Path Traversal w SaltStack Salt – zapis dowolnych plików w katalogu cache mastera
Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the...
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. Th...